►
From YouTube: [SIG-Network] Ingress NGINX meeting 20220119
Description
[SIG-Network] Ingress NGINX meeting 20220119
A
Hello,
everyone.
This
is
James
strong.
This
is
the
Ingress
nginx
sub
project
meeting
for
Sig
networking,
which
means
a
cncf
project,
and
we
are
here
to
the
cncf
code
of
conduct.
If
you
have
any
issues
or
if
there's
a
violation,
please
report
those
to
myself
or
the
Sig
networking
leads
with
that.
Today
is
January
19th
we're
going
to
talk
about
the
160
release
and
actually
do
the
release.
A
So
we
make
sure
that
it's
completed
and
with
that
there
is
one
major
change
that
we
wanted
to
talk
about.
So
I'm
going
to
pull
up
the
release,
notes
and
the
pr
and
we're
going
to
walk
through
the
one,
big
change
and,
while
I'm
doing
that
Ricardo.
Do
you
want
to
give
the
introduction
to
the
160
release
and
talk
about
that.
B
B
Yeah,
so
basically,
we
didn't
made
a
release
since
last
year
and
we
had
a
bunch
of
we
had.
We
had
a
bunch
of
things
to
fix
some
bug
fixes
some
improvements.
Folks
have
been
contributing
later
on
on
the
later
year
and
this
year,
with
with
improvements
from
end-to-end
tests
to
even
some
bug
fixes
on
on
synchronization,
and
we
think
that's
now,
it's
the
time
to
make
the
release
of
1.6
even
to
be
compatible
with
kubernetes
126.
B
But
this
really
is
also
adds
a
breaking
change,
which
is
I'm,
not
sure
if
everyone
knows
but
kubernetes,
when
Ingress
turn
it
into
V1
had
introductor
had
implemented.
What's
called
a
path,
type
that
you
can
say,
if
you
want
a
prefix,
a
a
an
exact
path
or
an
implementation
specific,
but
neither
kubernetes
or
us
never
validated
the
best
type,
and
if
what
what?
What
was
on
the
path,
it's
actually
compatible
with
the
path
type
right
so
per
the
kubernetes
API
comments
and
the
validation
that
should
exist.
B
The
path
type
should
be
compatible.
Sorry,
the
path
when
it's
exact
or
direct
or
prefix
should
be
compatible
with
the
RFC.
That
I
can't
remember
the
number,
but
that's
three
something
that
says
you
should
be
just
using
alphabetical
characters
and
some
special
characters
like
a
percentage
and
other
things
and
kubernetes
say
okay.
B
So
if
you
want
to
be
out
of
that,
you
should
be
using
path,
type,
implementation,
specific
right-
and
we
are
kind
of
starting
to
enforce
this
right
now
saying
that
we
are
not
gonna,
accept
any
more
ingresses
with
best
type,
prefix
or
exact
and
and
weird
characters,
including
the
characters
that
someone
may
use
when
they
are
using
rejects,
features
from
Ingress
in
Gen
X
right.
B
B
So
that's
on
the
documentation
that
James
it's
putting
on,
because
we
know
that
sometimes
people
may
just
be
using
that
way.
But
as
soon
as
we
want
this
to
be
implemented,
we
decided
to
go
with
this
default
enabled
right.
So
that's
a
the
new
default
behavior
for
a
breaking
change,
which
is
we
are
not
going
to
accept
path,
type
implementation
and
not
implementation.
Specific
with
rejects
is
there
additionally
to
that,
the
subset
that
characters
that
we
are
using?
B
It's
a
it's
smaller
than
even
the
RFC,
because
of
mainly
security
reasons
right
as
you've
followed
us
on
on
the
past,
we've
been
trying
to
close
some
common
injections
and
some
configurations
injections
on
Ingress,
but
we
understand
that
some
cases
may
be
may
need
some
special
characters.
So
that's
why
there
is
another
configuration
on
the
config
map
that
may
allow
the
admin
to
say:
okay,
I
trust,
my
users
on
this
cluster
and
I
know
that
they
can
use
whatever
random
weird
character.
They
want
to
use
on
their
path.
B
I
think
that's
mostly
out.
This
is
going
to
be
our
first
automated
release.
Thank
you,
James.
So
I
think
this
is
actually
a
huge
gain
for
us
because
releasing
English
engine
X
is
it's
just
a
real
pain.
It's
and
we've
been
trying
actually
to
automate
this
more
and
more
so.
We've
been
even
with
kubernetes
in
front
Sig
to
be
able
to
push
our
own
images
directly
to
station,
and
so
the
only
manual
step
is
going
to
be
the
promotion
of
the
image
to
production.
B
We
are
planning
for
the
next
version
version,
1.7,
deprecating,
pod
security
policy,
fixing
the
TLs
pass
through
and
other
things
and
then
going
from
there
to
probably
version
2,
which
is
going
to
be
displayed
between
control,
plane
and
data
play
right.
So
that's
a.
A
A
And
that's
adhering
to
the
to
the
kubernetes
API
that
we're
just
we
haven't
been
doing
the
validation
so
now
we're
enforcing
the
validation
of
what's
being
asked
to
us
on
the
apis,
yeah,
just
making
sure
that
I
understand
it
so
that
we
we've
clearly
enunciated
that,
because
I
know
that
they
can
be
when
I
was
reading
through
it.
It
was
confusing
to
say
the
least,
so
I
just
want
to
make
sure
that
we're
putting
it
out
there
very
clearly
of
what
folks
have
to
do
from
a
mitigation
perspective.
B
A
No,
it's
always
good.
That's
why
I
want
to
make
sure
that
everybody
read
through
the
release,
notes
and
the
change
log
as
we
were
getting
this
160
release
out
there
and
if
there
are
additional
characters
that
you're,
using
also
you
can
update
it
as
well
so
again
trying
to
make
it
secure,
while
still
flexible
from
a
user's
perspective.
Those
two
are
very
difficult,
with
the
amount
of
things
that
we
allow
folks
to
do,
and
what
nginx
or
the
Ingress
proxy
has
to
be
able
to
do
so
the
difficult
about.
A
So
thank
you
for
putting
that
out
there
Ricardo
and
then
I
think
just
from
a
release
perspective
a
missing
space.
Okay,
so
we've
we
forego
doing
the
normal
triage
process
that
we're
going
to
do
so.
We
want
to
get
160
out
there,
so
folks
can
see
that
it's
available
and
make
sure
that
we've
done
the
recording
so
working
through.
That
I
will,
of
course,
fix
all
of
the
next
nitpicks
that
you
have
Ricardo
any
other
questions
or
concerns
from
the
release
notes
perspective.
A
D
B
A
A
That's
a
new
one
too.
We
wanna,
okay,
yeah
the
requirements
for
the
chart,
that's
fair
and
then
bumping
the
chart
as
well
yep,
because
we
want
to
make
sure
that
folks
aren't
doing
an
automatic
rollout
like
we
saw
wika
152
so
that
we
can
get
that
updated
as
well,
and
then
yeah
we've
moved
all
of
the
change
logs
into
their
individual
folders
with
individual
notes.
A
So
you
can
see
that
the
changelog
is
now
in
a
different
directory
and
each
changelog
will
have
updated
notes
so
that
we
help
facilitate
the
automation
of
the
releases.
So
I
want
to
make
sure
that
folks
saw
that
that
the
change
logs
are
now
in
a
different
directory
than
what
they
would
expect
them
to
be
in.
D
I
have
a
question
just
out
of
curiosity
on
these
releases
Beyond.
You
know
the
the
normal
release
notes.
It's
been
in
the
release.
Putting
that
out
there
do.
We
do
any
kind
of
like
I,
don't
I
I
hate
to
call
it
marketing,
but
it's
like
anything
like.
C
D
A
A
No
to
the
trading
videos,
because
that
would
require
more
time
yeah
we
do.
We
do
release
it
for,
like
the
V1
beta,
1
change,
we
did
send
out
a
release,
note
and
an
email
to
the
kubernetes
dev
mailing
list.
We
drop
it
into
the
user,
slack
Channel
for
every
release.
We
do
that
for
the
huge
breaking
changes
we
do
send
out
emails
to
the
kubernetes
dev
mailing
list,
which
we
published
should
for
the
160
release
and
then
usually
I,
just
tweet
it
out
and
do
a
GitHub
release.
A
So,
okay,
beyond
that,
there's
not
really
much
more
marketing.
I
haven't
followed
up
with
Ricardo.
There
is
an
Ingress
nginx
Twitter
handle,
but
we
need
to
get
access
to
that.
That's
the
only
other
piece
that
we
can
probably
start
putting
release
notes
and
like
anticipating
changes
and
things
like
that
out
to
that
Twitter
handle
other
than
that.
That's
really
all
we
do
from
announcing
that
there's
a
release.
A
So
yeah
that
would
probably
be
helpful
once
we
have
like
the
the
updates
for
the
other
ones
like
we
talked
about,
the
160
might
be
a
little
late
for
that
one,
and
it
might
still
be
helpful
if
you
can
get
it
put
out
in
like
the
next
couple
of
weeks,
but
when
we
have
the
170
like
removing
pod
security
policies,
all
the
stuff
that
Ricardo
previously
talked
about
and
when
we
get
to
V2
with
doing
the
control
plan,
data
plane
split.
That
might
be
helpful
as
well.
To
have
some
videos
out
there.
D
A
Don't
think
anyone
else
would
reject
reject
that
idea
of
like
having
videos
or
like
changes
that
folks
need
to
make
yeah.
C
A
Yeah
I
I
work
with
some
of
the
digital
ocean,
folk
or
previous
digital
ocean
folks,
who
do
those
those
blog
posts
and
that's
some
high
quality
contents
out.
A
No
problem,
let
me
restart
the
share,
so
you
all
can
see
my
terrible
programming
now.
I
use,
Golan
and
I.
Don't
have
the
Mage
stuff
out
there
yet,
but
I
think
I
still
have
it
all
set
up.
A
A
A
A
You
might
want
to
get
the
Mage
stuff
merged
so
that
I
don't
have
to
do
a
bunch
of
get
hackery
Ricardo.
Do
you
wanna
you
wanna,
look
at
that
I
think
it's
I
think
I've
updated
everything.
The
big
thing
was
the
boilerplate
changes
was
to
get
that
released
because
that
was
that
was
a
requirement
for
that.
B
Sorry,
sorry,
James,
can
you
can
you
repeat
that.
A
I
want
to
get
this
merged
in
so
I.
Don't
have
to
do
a
bunch
of
get
trickery
of
checking
out
all
the
Mage
code
to
do
the
release.
Okay,.
A
A
A
Yeah
I
I,
didn't
I,
haven't
had
a
chance
to
look
at
the
Cogen
one.
What
that
one
does,
but
those
headers
should
be
good
to
go
because
it
worked
locally,
because
that
test
is
local
because
it
just
ultimately
runs
one
of
our
tests.
A
D
A
A
A
A
Yeah,
it
is
because
of
all
of
those
changes,
because
one
of
the
things
that
it
does
with
this
automated
release
is
that
it
puts
everything
in
alphabetical
order
and
adds
a
bunch
of
other
details,
because
we're
actually
checking
the
spec
yeah
there.
It
is
there's
the
issue.
That's
one
of
the
issues.
A
A
Okay,
so
that's
my
action
item.
One
of
the
other
things
I
wanted
to
talk
about
this
kind
of
like
a
meeting
framework
perspective.
Is
that
we're
good
at
assigning
action
items
but
not
following
up
on
those
action
items
so
I
once
wanted
to
add
a
part
of
the
meeting
is
that
we
just
we
put
in
some
time
to
follow
up
on
the
action
items
from
the
previous
meeting.
A
A
Know
I
know
one
of
the
other
things
I
wanted
to
talk
about
too,
is
that
I
know
we're
very
close
to
finishing
up
most
of
the
stabilization
work.
A
A
How
does
everyone
feel
about
that?
One
as
well
closing
out
that
project
and
moving
to
this
project
that
gets
automatically
added?
So
you
see
we
have
40
issues,
so
we
automatically
add
issues
now
as
people
open
up
issue
requests
and
PRS,
they
automatically
get
added
to
this
project
via
GitHub
actions.
So
we
can
start
using
this
project
to
track
work
and
work
through
everything
that
we've
been
working
on.
So
adding
the
leftover
four
or
five
tasks
from
the
stabilization
project
to
this
project
board
and
then
working
through
this
one.
B
A
That's
my
my
bad
on
that
the
holiday,
the
middle
of
the
holiday
break,
just
testing
it
out,
but
yeah,
creating
some
new
views
like
open,
PRS,
maintainers,
the
maintainer
is
assigned
to
work,
and
things
like
that.
I
do
want
to
I
want
to
play
around
with
the
labels
and
the
swim
lanes,
and
things
like
that,
and
just
but
just
getting
us
into
the
rhythm
of
using
this
board
to
track
work
and
making
sure
things
are
labeled
properly.
A
But
we
can't
do
that
until
we
start
actually
using
it
and
getting
comfortable
with
it.
So
I
agree
it
does
need
some
work,
but.
B
Yeah
I
I
I
want
it,
but
I'm
not
sure
we
are
gonna
have
Simon
and
I
think
that
those
can
be
actually
breaking
changes
future
breaking
changes,
because,
to
be
honest,
it
took
me
too
too
much
long
to
finish
all
of
the
control
plane,
data
plane
split,
so
I
don't
want
to
add
that
one
specifically
as
well
to
our
bucket
of
changes
and
then
get
get
people
mad
at
us.
Like
hey,
you
broke
a
lot
of
things
at
owns.
A
Before
we
do
the
removal
right
so
we've
got
the
open,
Telemetry
piece
in
there.
We
probably
should
have
a
migration
dot
so
like
if
you're,
using
Zipkin,
Jaeger
or
those
pieces
have
folks,
you
know,
have
a
migration
path
to
using
the
open,
Telemetry
and
then
do
the
removal
so
in
a
couple
step
process
so
yeah.
A
So
when
we
do
do
the
removal
again,
I
want
to
make
sure
that
we've
done
ample
communication,
that
when
we
do
the
the
breaking
changes
folks
have
known
about
it,
they
have
a
migration
path
forward
and
then
we
do
the
change.
So
that's
good
long,
do
you
know
I,
don't
think
we
had
a
separate
ticket
open
for
that
item
to
do
that.
Removal.
D
A
Yeah,
let's
I'll,
add
an
action
item
to
create
that
ticket
and
the
two
steps
right
or
the
have
the
migration
path
documented
in
our
documentation
and
then
in
one
of
our
next
releases,
Maybe
7170.
We
can
do
the
removal,
but
I
just
want
to
make
sure
we
do
things
piecewise
right.
A
Well,
mod
security
is
a
is
a
separate
one
from
the
open,
telem
shape
case,
but
we
can.
We
can
talk
about
that.
One
separately,
yeah.
C
Okay
and
I
think
they've
lost
the
ticket
which,
which
did
have
words
about
removing
so
I,
will
search
and
they'll
confirm
on
track.
C
Ricardo
it's
important,
but
the
low
priority
bug
kind
of
got
reported,
they're,
saying
that
if
somebody
is
using
external
name
as
the
Ingress
backend
and
and
they
and
they
have
a
TLS
thing
going
on
there,
so
they're
saying
that
if
it
is
a
CH
rooted
image,
then
because
the
ETC
SSL
third
path
is
not
available
for
the
CH
rotate
image.
Then,
if
somebody
does
want
to
use
the
default
cert
against
the
proxied
destination,
then
it's
not
going
then
CH
rooted
image
has
a
caveat
there.
The
ch320
image
can't
do
that.
B
Yeah
I
I
need
to
check
this
because
this
external
DNS
stuff
and
all
of
this
seeing
would
be
probably
how
to
figure
out
how
how
the
balancer
actually
deals
with
that
so
I
would
I
would
say
that
yeah
I,
don't
know
long.
I
I
need
to
take
a
look
into
that
as
well
from
the
top
of
my
head
I
that
the
third
pieces
of
the
code
that
I
have
never
touched
it
so
I,
don't
know
how
this
can
be
I.
A
Brought
it
up
to
us
one
of
those
things
where
it's
like
just
because
you
can
do
it
doesn't
mean
you
should,
because
that
does
introduce
a
security
risk
of
like
having
proxying
to
an
external
name,
I.
Think
with.
C
It's
not
a
small
use
case
and
I
think
the
problem
we
have
is
that
we
did
support
it.
We
have
annotations
and
config
map
documentation
that
people
who
want
to
do
that
can
do
that.
So
I
I
was
talking
to
this
guy
on
the
on
the
issue
I'm
telling
him.
Why
would
he
want
to
do
that?
He
said
he
just
wants
those
applications
available
on
a
host
name
of
their
choice.
It
doesn't
want
to
and
of
the
redirection
to
clients.
C
So
he
is
doing
that
and
it's
actually
open
issues
on
that
from
last
year
about
two
years
from
2021.
C
So
he's
saying
he's
a
pro
he's,
probably
the
only
person
asking
for
it
right
now,
but
so
it's
low
priority,
but
it
kind
of
popped
up,
because
it's
important
in
the
sense
that
we
have
a
feature
and
just
because
of
CH
root,
so
not
important
but
Ricardo,
because
you're
talking
about
streaming
changing
the
implementation
to
engineering.
Extreme
I
was
wondering
if
it
matters
there
or
proxy
is
a
different
code
path
and
streaming
is
a
different
code.
It's.
C
A
A
That's
where
we're
at
I
vote
that
we
use
the
rest
of
the
half
hour
to
clean
up
the
release
process
and
go
from
there
and
then
I'll
put
out
we'll
probably
should
I'll
open
up
a
a
Google
Drive
doc.
If
we
want
Ricardo,
do
you
think
we
should
also
put
out
the
email
and
the
email
to
the
kubernetes
dev
mailing
list
outlining
what
we've
just
talked
about
and
when
we
have
the
reporting
put
the
reporting
in
there
yeah.
A
I'll
do
that
now,
while
we're
talking
and
then
I'll
just
I'll
copy
and
paste,
what's
in
the
release,
notes
and
then
we'll
go
from
there
and
I
think
that's
I
think
that's
a
pretty
high,
not
high
bar
I,
think
that's
us
doing
our
diligence
making
sure
everyone's
aware
of
the
changes
and
I'll
get
the
release
out
today,
and
it
was.
It
was
the
fact
that
it
was
a
Friday
release
on
a
holiday
weekend
before
the
new
year.
Definitely
don't
do
that.
A
I
have
no
issues
doing
Friday
releases,
but
it
was
the
Friday
release
with
a
breaking
change
in
front
of
the
holiday
but
yeah
with
that
I'll
go
ahead
and
I'll
I'll
close
out
the
recording
and
then
we
can
work
through.
We
can
work
through
the
rest
of
the
things
with
the
time
that's
available,
foreign.